(CMR) The Ombudsman's Office has confirmed that the Data Protection Law came into force on September 30. Originally enacted in 2017, the legislation is meant to protect personal data and regulate how your data is used.
The law was originally scheduled to be implemented on January 1, 2019. However, the government pushed the start date back by nine months, following concerns by the financial services industry.
The law regulates how businesses and government agencies must handle all personal data and it provides a framework of rights and duties designed to give individuals greater control over their personal data. This means individuals will have the right to request and access their personal data that is held by an organization, and data controllers have about 30 days to comply.
In addition to the right to request access to their data, the Ombudsman’s Office said, individuals can also ask for rectification of inaccurate data, and to stop direct marketing.
“The long-awaited law was enacted in 2017 following an intensive, multi-year drafting exercise with broad representation from the public and private sectors. The DPL is modelled on data protection legislation in the European Union and is centred around eight data protection principles,” a statement from the Ombudsman’s Office read.
The new law places a number of obligations on data controllers, including a duty to inform individuals how their data is being used, ensure that data is accurate and relevant to the purpose for which it is used, and is retained only for as long as necessary. “Data controllers are also required to notify the Ombudsman and the affected individuals of serious data breaches,” the statement explained.
“Individuals have the right to complain to the Ombudsman if they believe their data is not being processed in accordance with the new law.
More information, including detailed guidance, is available on the website of the Office of the Ombudsman: https://ombudsman.ky/data-protection.